COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2025-32432

CVE-2025-32432

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-03-20
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-32432
⚡ RCE ⌖ exploited in the wild shame 85/100 rceexploited-in-wildsupply-chain

Craft CMS allows remote attackers to execute arbitrary code via a code injection vulnerability.

Craft CMS contains a critical code injection vulnerability enabling remote code execution, which poses a severe risk to DIB organizations relying on this CMS for content management systems. The vulnerability is actively exploited in the wild, necessitating immediate patching and review of all Craft CMS deployments to prevent unauthorized access and data exfiltration.

Shame score — Active exploitation of a critical RCE vulnerability in a widely-used CMS indicates significant security oversight and potential negligence in patch management.

Players implicated

Craft CMS · vendorCraft CMS · product

Description

Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.